fix: Update patient_tracker.php (#6595)
[openemr.git] / library / ajax / addlistitem.php
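<?php

/**
 * This file is used to add an item to the list_options table
 *
 * OUTPUT
 *   on missing required values = NULL (empty response body)
 *   on CSRF failure or duplicate item = JSON object with a non-empty "error" string
 *   on success = JSON data, array of "value":"title" for new list of options
 *
 * NOTE(review): this endpoint changes state in response to a GET request and
 * carries the CSRF token in the query string, where it can be recorded in
 * access logs, browser history and Referer headers. Moving it to POST would
 * need a matching change in the callers, which are not visible here.
 *
 * NOTE(review): no access-control check is made in this file. Any restriction
 * on who may add list items would have to come from globals.php - confirm.
 *
 * @package   OpenEMR
 * @link      https://www.open-emr.org
 * @author    Jason Morrill <jason@italktech.net>
 * @author    Brady Miller <brady.g.miller@gmail.com>
 * @author    Daniel Ehrlich <daniel.ehrlich1@gmail.com>
 * @copyright Copyright (c) 2009 Jason Morrill <jason@italktech.net>
 * @copyright Copyright (c) 2018 Brady Miller <brady.g.miller@gmail.com>
 * @copyright Copyright (c) 2018 Daniel Ehrlich <daniel.ehrlich1@gmail.com>
 * @license   https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
 */

require_once("../../interface/globals.php");

use OpenEMR\Common\Csrf\CsrfUtils;

// Read a query parameter as a string. A missing key, or an array-valued
// parameter such as listid[]=x, is treated as empty so that it is rejected by
// the checks below instead of reaching trim() or a bound SQL parameter.
$readParam = static function (string $key): string {
    $value = $_GET[$key] ?? '';
    return is_string($value) ? $value : '';
};

//verify csrf
if (!CsrfUtils::verifyCsrfToken($readParam('csrf_token_form'))) {
    echo json_encode(['error' => xl('Authentication Error')]);
    CsrfUtils::csrfNotVerified(false);
    // Fail closed: never continue to the insert after a failed token check,
    // whether or not csrfNotVerified() itself ends the request.
    exit;
}

// set the values for the new list item
$is_default = 0;
$list_id = $readParam('listid');
$title = trim($readParam('newitem'));
$option_id = trim($readParam('newitem_abbr'));
$option_value = 0;

// check for required values
if ($list_id === '' || $title === '' || $option_id === '') {
    exit;
}

// make sure we're not adding a duplicate title or id
// NOTE(review): the duplicate checks and the insert are separate statements,
// so two concurrent requests could both pass the checks. Whether the schema
// enforces uniqueness is not visible from this file.
$exists_title = sqlQuery(
    "SELECT * FROM list_options WHERE list_id = ? AND title = ? AND activity = 1",
    [$list_id, $title]
);
if ($exists_title) {
    echo json_encode(['error' => xl('Record already exist')]);
    exit;
}

$exists_id = sqlQuery(
    "SELECT * FROM list_options WHERE list_id = ? AND option_id = ? AND activity = 1",
    [$list_id, $option_id]
);
if ($exists_id) {
    echo json_encode(['error' => xl('Record already exist')]);
    exit;
}

// determine the sequential order of the new item,
// it should be the maximum number for the specified list plus one
// (max(seq) is NULL for a list with no active items, which yields 1)
$row = sqlQuery(
    "SELECT max(seq) as maxseq FROM list_options WHERE list_id = ? AND activity = 1",
    [$list_id]
);
$seq = (int) ($row['maxseq'] ?? 0) + 1;

// add the new list item
sqlInsert(
    "INSERT INTO list_options ( " .
    "list_id, option_id, title, seq, is_default, option_value ) VALUES ( ?, ?, ?, ?, ?, ? )",
    [$list_id, $option_id, $title, $seq, $is_default, $option_value]
);

// translate titles if translate-lists flag set and not english
$translate_titles = $GLOBALS['translate_lists'] && $_SESSION['language_choice'] > 1;

// return JSON data of list items on success
// Every value written below goes through js_escape() or xlj(); stored
// option ids and titles must never be concatenated into the response raw.
echo '{ "error":"", "options": [';
// send the 'Unassigned' empty variable
echo '{"id":"","title":' . xlj('Unassigned') . '}';
$lres = sqlStatement(
    "SELECT * FROM list_options WHERE list_id = ? AND activity = 1 ORDER BY seq",
    [$list_id]
);
while ($lrow = sqlFetchArray($lres)) {
    // the 'Unassigned' entry always comes first, so each row needs a separator
    echo ',';
    echo '{"id":' . js_escape($lrow['option_id']) . ',';
    if ($translate_titles) {
        echo '"title":' . xlj($lrow['title']) . '}';
    } else {
        echo '"title":' . js_escape($lrow['title']) . '}';
    }
}

echo "]}";
exit;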